cPanel Exploit in Filemanager

In my usual round of checking mail logs, I noticed spam emails being sent from:

/home/<username> /usr/local/cpanel/bin/noshell

Logs showed over a thousand emails being sent from that. We managed to catch the vast majority before they were sent out, but what bothers me is that I don't see how the location /usr/local/cpanel/bin/noshell can send out spam...

Then I came across this website, www.xatrix.org/article.php?s=4318, which states the exploit in cPanel WYSIWYG & filemanager. Would the spam being sent out from */bin/noshell be related to this cPanel exploit?

I read somewhere that someone had the same problem, but upon investigation, found out it was mail forwarders routing mail on the domain that the user set up, but my particular user doesn't have any forwarders set up.

Anyone with any ideas?

Thanks
Rameen